Rbl-add-ip
Revision as of 07:24, 23 January 2007
rbl_add_ip.pl
A newer version exists that fixes the clean-up code. Fix me.
For our RBL implementation at work, we went with a DLZ (http://bind-dlz.sourceforge.net/) named, initially using the "file system" driver as a proof of concept, then changed to the BDBHPT driver. The latest patches are at http://projects.navynet.it/ .
To create the BDB files and to add, remove and list IPs, we wrote this Perl script.
[rbl_add_ip.pl] 2006-11-02
Download the script and change the path of your BDB files and the DB environment home. To create the BDB files for the first time use:
./rbl_add_ip.pl -Z
Do not run that on a live system: -Z erases the existing BDB files.
Other uses are:
# ./rbl_add_ip.pl 123.2.12.3
# ./rbl_add_ip.pl -d 123.2.12.3
# ./rbl_add_ip.pl 12.22.22.34 "550 You sent too much spam, you suck."
# ./rbl_add_ip.pl -D 86400
The default message is:
450 You have been blocked for sending SPAM or similar.
which is a little tame, but the 450 code has saved me already: 450 is a temporary failure, so when a legitimate server was listed by mistake the senders queued their mail and retried instead of bouncing it.
The whitelist file holds one Perl regular expression per line. For example:
^127.0.0.1$
^192.168.
.your.domain.com$
Remember that an unescaped "." matches any character, so "^192.168." also matches strings such as "192x168y"; write "^192\.168\." when the pattern is meant to be a literal address prefix.
The current list of RBL return codes (is this current? It was not easy to find):
"127.0.0.2" => "UCE",
"127.0.0.3" => "Fraud",
"127.0.0.4" => "Spam Promo",
"127.0.0.5" => "Illegal Content",
"127.0.0.6" => "Pre-emptive",
"127.0.0.7" => "Improper List Practices",
"127.0.0.8" => "Botnet Activity / Malware"
rbl_add_ip.pl returns 127.0.0.2 ("2") unless another code is specified.
The named.conf entry we use here is for a Concurrent ("C") DLZ bdbhpt setup:
dlz "bdbhpt zone" {
    database "bdbhpt C /etc/ns DLZ.dnsdata.db";
};
Note that the "/etc/ns" (DB environment home) and "DLZ.dnsdata.db" (DB file) values here must match $dbenvpath and $dbfilename in rbl_add_ip.pl.
There is currently a notion of temporary versus permanent additions. If you use the -p switch when adding an IP to the RBL, it is added permanently. The only difference between the two is the record's TTL. With the -D <age> option, rbl_add_ip.pl removes the temporary entries that are older than <age> seconds, so you can put an IP in the penalty box for, say, 24 hours (-D 86400). If you never run -D, all entries stay in the BDB until you delete them with -d.
For sendmail, we add this code:
# cat rbl.m4
FEATURE(`delay_checks')
define(`DNSBL_MAP', `dns -R A -a. -r2 -d3')dnl
dnl FEATURE(dnsbl,`rbl.domain.com')dnl
FEATURE(`dnsbl', `rbl.domain.com', `$&{client_addr}": "$>GetTXT $&{client_addr} $| rbl.domain.com $| $(dequote "Address " $&{client_addr} " blocked by rbl.domain.com" $)')
LOCAL_CONFIG
KDNSTXT dns -R TXT
LOCAL_RULESETS
# Pass in $&{client_addr} $| txt-lookup.dom.ain $| default-text
SGetTXT
R$-.$-.$-.$- $| $+ $| $+	$: $(DNSTXT $4.$3.$2.$1.$5 $: $6 $)
Watch out for the TAB in the last line! Sendmail separates the left-hand side of a rule from the right-hand side with a tab character, not spaces; if the tab is lost, the rule silently does nothing.
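The following is an added Python example, not the page's rbl_add_ip.pl (which is Perl and writes the Berkeley DB file that bdbhpt serves). It models the behaviour described above in one place: the reversed-octet query name that the GetTXT rule builds with $4.$3.$2.$1.$5, the regex whitelist (including the unescaped-dot pitfall), the return codes and default 450 text, and the temporary-versus-permanent distinction with the -D <age> clean-up. The store is an in-memory dict, and the TTL values, class and function names are assumptions; the page gives none of them.

```python
import ipaddress
import re
import time

# Return codes listed on the page; rbl_add_ip.pl defaults to "2".
RBL_CODES = {
    "127.0.0.2": "UCE",
    "127.0.0.3": "Fraud",
    "127.0.0.4": "Spam Promo",
    "127.0.0.5": "Illegal Content",
    "127.0.0.6": "Pre-emptive",
    "127.0.0.7": "Improper List Practices",
    "127.0.0.8": "Botnet Activity / Malware",
}
DEFAULT_MSG = "450 You have been blocked for sending SPAM or similar."

# Assumed TTLs: the page only says temporary and permanent entries
# differ in their record TTL, not what the two values are.
TTL_TEMPORARY = 3600
TTL_PERMANENT = 604800


def rbl_name(ip, zone):
    """Build the DNSBL query name the way the sendmail GetTXT rule does
    ($4.$3.$2.$1.$5): 12.22.22.34 -> 34.22.22.12.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError if not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def load_whitelist(lines):
    """Compile one regex per non-empty line, as the whitelist file is read.
    An unescaped '.' matches any character, so '^192.168.' also matches
    '192x168y'; escape the dots when the pattern is a literal address."""
    return [re.compile(line.strip()) for line in lines if line.strip()]


def is_whitelisted(ip, patterns):
    return any(p.search(ip) for p in patterns)


class RblStore:
    """In-memory stand-in (assumption) for the Berkeley DB file bdbhpt serves."""

    def __init__(self, whitelist=()):
        self.entries = {}
        self.whitelist = list(whitelist)

    def add(self, ip, code="2", msg=DEFAULT_MSG, permanent=False, now=None):
        """Equivalent of './rbl_add_ip.pl [-p] <ip> [\"<msg>\"]'. Returns False
        when the address is whitelisted, so it never enters the RBL."""
        ip = str(ipaddress.IPv4Address(ip))
        if is_whitelisted(ip, self.whitelist):
            return False
        a_record = "127.0.0." + str(int(code))
        if a_record not in RBL_CODES:
            raise ValueError("unknown RBL code " + str(code))
        self.entries[ip] = {
            "a": a_record,
            "txt": msg,
            "permanent": permanent,
            "ttl": TTL_PERMANENT if permanent else TTL_TEMPORARY,
            "added": time.time() if now is None else now,
        }
        return True

    def delete(self, ip):
        """Equivalent of '-d <ip>'."""
        return self.entries.pop(ip, None) is not None

    def lookup(self, ip):
        """What a querying MTA sees: (A record, TXT) or None if not listed."""
        entry = self.entries.get(ip)
        return None if entry is None else (entry["a"], entry["txt"])

    def clean(self, age, now=None):
        """The '-D <age>' behaviour: drop temporary entries older than age
        seconds; permanent (-p) entries are left alone."""
        now = time.time() if now is None else now
        stale = [ip for ip, e in self.entries.items()
                 if not e["permanent"] and now - e["added"] > age]
        for ip in stale:
            del self.entries[ip]
        return stale

    def list_entries(self):
        return sorted(self.entries)


if __name__ == "__main__":
    store = RblStore(load_whitelist([r"^127\.0\.0\.1$", r"^192\.168\."]))
    store.add("123.2.12.3")                       # temporary, code 2
    store.add("10.0.0.1", code="8", permanent=True)
    print(rbl_name("12.22.22.34", "rbl.domain.com"), store.lookup("123.2.12.3"))
    print("cleaned:", store.clean(86400, now=time.time() + 86401))
```

The penalty-box flow is add() with the default (temporary) TTL followed by a periodic clean(86400); only permanent entries survive it, matching the -p / -D description above.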
Currently, our RBL looks like this:
-rw-rw-rw- 1 root other 8785887232 Nov 2 09:16 DLZ.dnsdata.db
530327 Number of hash buckets.
18,178,801 IPs in the Database.
Note the mode 0666 on DLZ.dnsdata.db: as listed, any local user could alter the blocklist, so restrict the file to the user that runs named and the user that runs rbl_add_ip.pl.